From: "Fabian Groffen" <grobian@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: mail-mta/exim/, mail-mta/exim/files/
Date: Wed, 13 May 2020 07:45:21 +0000 (UTC)	[thread overview]
Message-ID: <1589355913.1468afd12e683a61448e2ff58c47e54715f0ff29.grobian@gentoo> (raw)

commit:     1468afd12e683a61448e2ff58c47e54715f0ff29
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Wed May 13 07:44:37 2020 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Wed May 13 07:45:13 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1468afd1

mail-mta/exim-4.93.0.4-r1: revbump for CVE-2020-12783

Bug: https://bugs.gentoo.org/722484
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 ...xim-4.93.0.4.ebuild => exim-4.93.0.4-r1.ebuild} |  1 +
 mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch | 83 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)

diff --git a/mail-mta/exim/exim-4.93.0.4.ebuild b/mail-mta/exim/exim-4.93.0.4-r1.ebuild
similarity index 99%
rename from mail-mta/exim/exim-4.93.0.4.ebuild
rename to mail-mta/exim/exim-4.93.0.4-r1.ebuild
index ae3fd4019c8..714de0e7045 100644
--- a/mail-mta/exim/exim-4.93.0.4.ebuild
+++ b/mail-mta/exim/exim-4.93.0.4-r1.ebuild
@@ -115,6 +115,7 @@ src_prepare() {
 	eapply     "${FILESDIR}"/exim-4.69-r1.27021.patch
 	eapply     "${FILESDIR}"/exim-4.93-localscan_dlopen.patch
 	eapply -p2 "${FILESDIR}"/exim-4.93-radius.patch # 720364
+	eapply     "${FILESDIR}"/exim-4.93-CVE-2020-12783.patch # 722484
 
 	if use maildir ; then
 		eapply "${FILESDIR}"/exim-4.20-maildir.patch

diff --git a/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
new file mode 100644
index 00000000000..c957d5541e4
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch
@@ -0,0 +1,83 @@
+auths/spa: fix for CVE-2020-12783
+
+This is a combined patch of git commits:
+
+57aa14b216432be381b6295c312065b2fd034f86
+a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
+
+leaving out whitespace noise for a smaller patch
+and made it apply to the 4.93 release
+
+modified paths because Exim dists differ in layout from the git repo
+
+Fix SPA authenticator, checking client-supplied data before using it.  Bug 2571
+Rework SPA fix to avoid overflows.  Bug 2571
+
+
+--- a/src/auths/auth-spa.c
++++ b/src/auths/auth-spa.c
+@@ -405,7 +405,7 @@ int
+ /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
+ {
+   int len = 0;
+-  register uschar digit1, digit2, digit3, digit4;
++  uschar digit1, digit2, digit3, digit4;
+ 
+   if (in[0] == '+' && in[1] == ' ')
+     in += 2;
+--- a/src/auths/spa.c
++++ b/src/auths/spa.c
+@@ -139,7 +139,8 @@ SPAAuthChallenge challenge;
+ SPAAuthResponse  response;
+ SPAAuthResponse  *responseptr = &response;
+ uschar msgbuf[2048];
+-uschar *clearpass;
++uschar *clearpass, *s;
++unsigned off;
+ 
+ /* send a 334, MS Exchange style, and grab the client's request,
+ unless we already have it via an initial response. */
+@@ -194,9 +195,19 @@ that causes failure if the size of msgbuf is exceeded. ****/
+ 
+   {
+   int i;
+-  char *p = ((char*)responseptr) + IVAL(&responseptr->uUser.offset,0);
++  char * p;
+   int len = SVAL(&responseptr->uUser.len,0)/2;
+ 
++  if (  (off = IVAL(&responseptr->uUser.offset,0)) >= sizeof(SPAAuthResponse)
++     || len >= sizeof(responseptr->buffer)/2
++     || (p = (CS responseptr) + off) + len*2 >= CS (responseptr+1)
++     )
++    {
++    DEBUG(D_auth)
++      debug_printf("auth_spa_server(): bad uUser spec in response\n");
++    return FAIL;
++    }
++
+   if (len + 1 >= sizeof(msgbuf)) return FAIL;
+   for (i = 0; i < len; ++i)
+     {
+@@ -245,12 +256,16 @@ spa_smb_nt_encrypt(clearpass, challenge.challengeData, ntRespData);
+ 
+ /* compare NT hash (LM may not be available) */
+ 
+-if (memcmp(ntRespData,
+-      ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
+-      24) == 0)
+-  /* success. we have a winner. */
+-  {
++off = IVAL(&responseptr->ntResponse.offset,0);
++if (off >= sizeof(SPAAuthResponse) - 24)
++  {
++  DEBUG(D_auth)
++    debug_printf("auth_spa_server(): bad ntRespData spec in response\n");
++  return FAIL;
++  }
++s = (US responseptr) + off;
++
++if (memcmp(ntRespData, s, 24) == 0)
+   return auth_check_serv_cond(ablock);
+-  }
+ 
+   /* Expand server_condition as an authorization check (PH) */
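Review bot: In the uUser check added to spa.c, the third condition `(p = (CS responseptr) + off) + len*2 >= CS (responseptr+1)` builds the end pointer before comparing it. With `off` just below `sizeof(SPAAuthResponse)` and `len` just below `sizeof(responseptr->buffer)/2`, that pointer lies well past one-past-the-end of `response`, which is undefined behaviour in C, so a compiler may treat the comparison as always false. The first two conditions already bound both values, so the test can be done on integers without overflow: `|| off + (unsigned)len*2 >= sizeof(SPAAuthResponse)`, with `p = (CS responseptr) + off;` assigned after the check. The ntResponse check further down already uses this integer form; the body of auth_spa_server starts and ends outside these hunks. Both checks bound the offsets by the full struct size rather than by the byte count the base64 decoder returned. That count is not visible here, so it is worth confirming that `response` is zeroed or that the decoded length is also enforced; otherwise a short client message could have leftover stack bytes read as the user name or NT response.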

